Total: 5641 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45390 | 1 Jenkins | 1 Loader.io | 2025-04-30 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-45389 | 1 Jenkins | 1 Xp-dev | 2025-04-30 | N/A | 5.3 MEDIUM |
| A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository. | |||||
| CVE-2022-45385 | 1 Jenkins | 1 Cloudbees Docker Hub/Registry Notification | 2025-04-30 | N/A | 7.5 HIGH |
| A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. | |||||
| CVE-2022-45394 | 1 Jenkins | 1 Delete Log | 2025-04-30 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs. | |||||
| CVE-2024-55072 | 1 Mealie | 1 Mealie | 2025-04-30 | N/A | 5.4 MEDIUM |
| A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household. | |||||
| CVE-2025-46232 | 1 Alttext | 1 Alt Text Ai | 2025-04-30 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in alttextai Download Alt Text AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Alt Text AI: from n/a through 1.9.93. | |||||
| CVE-2024-52921 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | N/A | 5.3 MEDIUM |
| In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block. | |||||
| CVE-2022-45399 | 1 Jenkins | 1 Cluster Statistics | 2025-04-30 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. | |||||
| CVE-2022-3538 | 1 Webmaster Tools Verification Project | 1 Webmaster Tools Verification | 2025-04-30 | N/A | 6.5 MEDIUM |
| The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins | |||||
| CVE-2024-55876 | 1 Xwiki | 1 Xwiki | 2025-04-30 | N/A | 5.4 MEDIUM |
| XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document `Scheduler.WebHome` in a subwiki. Then, click on any operation (*e.g.,* Trigger) on any job. If the operation is successful, then the instance is vulnerable. This has been patched in XWiki 15.10.9 and 16.3.0. As a workaround, those who have subwikis where the Job Scheduler is enabled can edit the objects on `Scheduler.WebPreferences` to match the patch. | |||||
| CVE-2024-55879 | 1 Xwiki | 1 Xwiki | 2025-04-30 | N/A | 9.1 CRITICAL |
| XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of `XWiki.ConfigurableClass` to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.9 and 16.3.0. No known workarounds are available except upgrading. | |||||
| CVE-2022-42903 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2025-04-30 | N/A | 3.3 LOW |
| Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list. | |||||
| CVE-2025-46244 | 1 Multidots | 1 Advanced Linked Variations For Woocommerce | 2025-04-29 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Linked Variations for Woocommerce: from n/a through 1.0.3. | |||||
| CVE-2025-46247 | 1 Codepeople | 1 Appointment Booking Calendar | 2025-04-29 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in codepeople Appointment Booking Calendar allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Appointment Booking Calendar: from n/a through 1.3.92. | |||||
| CVE-2025-31686 | | | 2025-04-29 | N/A | 8.1 HIGH |
| Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing. This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10. | |||||
| CVE-2025-31685 | | | 2025-04-29 | N/A | 9.1 CRITICAL |
| Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing. This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10. | |||||
| CVE-2022-41326 | 1 Mitel | 1 Micollab | 2025-04-29 | N/A | 9.8 CRITICAL |
| The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application. | |||||
| CVE-2022-24190 | 1 Sz-fujia | 1 Ourphoto | 2025-04-29 | N/A | 7.5 HIGH |
| The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The user_token header is not implemented or present on this end-point. An attacker can send a request to bind their account to any users picture frame, then send a POST request to accept their own bind request, without the end-users approval or interaction. | |||||
| CVE-2025-31720 | 1 Jenkins | 1 Jenkins | 2025-04-29 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration. | |||||
| CVE-2025-31721 | 1 Jenkins | 1 Jenkins | 2025-04-29 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration. | |||||
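Two entries in the table above describe the same class of defect from opposite ends: the Mealie entry (CVE-2024-55072) is an endpoint that lets an authenticated user PATCH privilege-bearing fields on their own record, and the Ourphoto entry (CVE-2022-24190) is an endpoint that accepts a state change on another user's object with no token and no ownership check. The block below is an added illustrative example, not code from Mealie, Ourphoto or any other project listed here; every name in it (`User`, `Frame`, `update_user_*`, `accept_bind_*`, `SELF_EDITABLE`) is an assumption chosen for the demonstration. It shows each vulnerable handler next to a version with the object-level check (does the caller own the target?) and the field-level allow-list (which attributes may a non-admin touch?) that the descriptions say were missing.

```python
# Added illustrative example; not code from Mealie, Ourphoto or any project
# in the table. All names below are assumptions for the demonstration.
from dataclasses import dataclass, field
from typing import Optional


class Forbidden(Exception):
    """Caller is authenticated but not allowed to perform this action."""


class Unauthenticated(Exception):
    """No session/token was presented at all."""


@dataclass
class User:
    id: int
    admin: bool
    household: str
    display_name: str


# Field-level allow-list for a non-admin editing their OWN record.
# Privilege-bearing fields (admin, household) are deliberately absent.
SELF_EDITABLE = frozenset({"display_name"})


def update_user_vulnerable(caller: User, target_id: int, patch: dict, users: dict) -> User:
    """Modelled on CVE-2024-55072: the caller is known to be logged in, but the
    handler checks neither ownership of the target nor which fields the body
    touches, so a user can set admin=True or move to another household."""
    target = users[target_id]          # `caller` is never consulted
    for name, value in patch.items():
        setattr(target, name, value)
    return target


def update_user_fixed(caller: User, target_id: int, patch: dict, users: dict) -> User:
    """Same endpoint with an object-level check and a field-level allow-list."""
    target = users[target_id]          # KeyError if the record does not exist
    if caller.id != target.id and not caller.admin:
        raise Forbidden("may only edit your own profile")
    if not caller.admin:
        rejected = set(patch) - SELF_EDITABLE
        if rejected:
            raise Forbidden(f"non-editable fields: {sorted(rejected)}")
    for name, value in patch.items():
        setattr(target, name, value)
    return target


@dataclass
class Frame:
    """A picture frame with pending and accepted bind requests (constructed)."""
    id: int
    owner_id: int
    pending: set = field(default_factory=set)
    bound: set = field(default_factory=set)


def request_bind(caller: User, frame: Frame) -> None:
    frame.pending.add(caller.id)


def accept_bind_vulnerable(frame: Frame, requester_id: int) -> Frame:
    """Modelled on CVE-2022-24190: no token is required and the owner is never
    identified, so the requester can accept their own bind request."""
    frame.pending.discard(requester_id)
    frame.bound.add(requester_id)
    return frame


def accept_bind_fixed(caller: Optional[User], frame: Frame, requester_id: int) -> Frame:
    """Authentication first, then ownership, then the state transition."""
    if caller is None:
        raise Unauthenticated("user_token required")
    if caller.id != frame.owner_id:
        raise Forbidden("only the frame owner may accept bind requests")
    if requester_id not in frame.pending:
        raise KeyError("no such pending bind request")
    frame.pending.discard(requester_id)
    frame.bound.add(requester_id)
    return frame


def demo() -> dict:
    """Constructed scenario: user 2 tries to escalate and to self-bind to frame 10."""
    users = {1: User(1, True, "home", "owner"), 2: User(2, False, "guest", "attacker")}
    attacker, escalation, out = users[2], {"admin": True, "household": "home"}, {}
    out["vuln_admin"] = update_user_vulnerable(attacker, 2, escalation, {2: User(**vars(attacker))}).admin
    try:
        update_user_fixed(attacker, 2, escalation, users)
    except Forbidden:
        pass
    out["fixed_admin"] = users[2].admin
    frame = Frame(10, owner_id=1)
    request_bind(attacker, frame)
    out["vuln_bound"] = 2 in accept_bind_vulnerable(frame, 2).bound
    frame2 = Frame(11, owner_id=1)
    request_bind(attacker, frame2)
    try:
        accept_bind_fixed(attacker, frame2, 2)
    except Forbidden:
        pass
    out["fixed_bound"] = 2 in frame2.bound
    return out


if __name__ == "__main__":
    print(demo())
```

The ordering in `accept_bind_fixed` is the part worth copying: reject anonymous callers before doing anything else, then compare the caller to the object's owner, and only then touch state. In `update_user_fixed` the allow-list is evaluated against the keys of the request body, not against the values, so a PATCH that merely mentions `admin` is refused regardless of what it tries to set.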
